Passwords (again), silly Twits, and more…

Test Your Passwords

Click here for (another) password tester. Yes, I know I’ve given a link to a site like this before. I don’t apologise because I’ve seen how much upset can be caused by a malicious person guessing a client’s password. See this blog on the subject of stolen Gmail passwords, for instance. Even if you don’t change any existing passwords, please use strong ones in the future. In the meantime, find out how good that one password (that you use for everything!) actually is – or not.

A Plug for Low Cost Names

If you find yourself wanting to register a web domain, then I definitely recommend doing it with LCN. I’ve been using them for years and never had a problem, but hadn’t realised before just how good an example they set in communication and online support. This week I needed to register a domain for some testing I was doing. I needed to speak with someone and was very pleased to find that they prominently publish their telephone number on their website. Not only that, it is a normal, non-premium, UK landline number. Even better, the normally-elusive technical support people were available from option number one on their automated telephone menu system. Then they told me how many were in the queue before me. Then, within a minute or so, they answered me with a knowledgeable, UK-based adviser. That’s the way to do it!

Who Said You Could Share My Data?

Is it just a coincidence how snugly the Twitter and LinkedIn logos merge together?

I was rather miffed last week to receive an email from Twitter suggesting people that I might like to “follow”. Apart from the fact that I’m perfectly capable of deciding for myself whether my life is so empty that I want to fill it by “following” anybody (it isn’t and I don’t), I was annoyed by the unsolicited intrusion into my inbox and by the fact that two out of the three suggestions were people who had figured in my LinkedIn connections (one of whom I had deleted). I hadn’t realised before that Twitter and LinkedIn were connected and I certainly hadn’t knowingly given them permission to share information with each other. When I looked at the privacy policy of Twitter I learned:

“Links: Twitter may keep track of how you interact with links across our Services, including our email notifications, third-party services, and client applications, by redirecting clicks or through other means. We do this to help improve our Services……”

Well, I for one do not consider sharing data this way and then sending me unsolicited emails to be “improving…. services”. Instead, it just reminds me of some of my worst nightmares of these large organisations sharing more and more data amongst themselves, and then coming to computer-generated conclusions about who I am and what I want.

And still on the subject of Twitter…

Did you see the Channel 4 programme last week called “Don’t Blame Facebook”? It told tales of how injudicious tweeting and posting on social network sites can cause unforeseen problems. It’s amazing just how shortsighted and, frankly, stupid people can be in giving away too much information on these sites. Nevertheless, even I had to feel sorry for the couple who were refused entry into the USA and sent back home without having their holiday just because of the paranoia of the spooks who monitor everything that is shared on Twitter. Apparently, the male half of the couple had tweeted that he intended to “..destroy the US” while on holiday. He just meant he was going to have some fun, and maybe a drink or two. Nevertheless, they were stopped by the US border guards on their way in, spent a while in jail, and then returned to the UK.

I realise that I do go on a bit about what I see as the dangers of Facebook, but, while acknowledging that fact, I don’t apologise for it. This week I spotted something that is not directly Facebook’s fault, but is a consequence of collecting all that personal data about people’s lives, thoughts, beliefs, actions, and which is surely a gross misuse of that data. Here’s a precis:

US colleges and even government departments are more-or-less forcing students and job applicants to open up the most private data in their Facebook accounts to prying, official, eyes. They do not need hacking techniques to get into the accounts on the quiet (although I’m sure such techniques exist and are available to any organisation that wants them enough). Instead, they just use bullying tactics – such as forcing a job applicant to open up their Facebook account in front of the interviewer, or making it a condition of application that a student “befriends” a snoop paid by the college to spy on students via their Facebook accounts.

If I ever try to have a conversation about online privacy with anyone under about 30 years old they just think I’m insane. They “don’t get it”. They can’t see why it’s potentially a bad thing to trust your most personal secrets to websites over which you have no control. Well, surely no-one can be oblivious to the threat to personal liberty that’s obvious in the tactics described here.

It’s easy to say “that’s in the USA, it wouldn’t happen here”, but why wouldn’t it? The way I see it is that the very fact that all this data exists constitutes a threat in itself. There are bound to be people out there keen to exploit the power that is latent in the data itself. I doubt very much that people on the receiving end of such bullying could plausibly deny that they have a Facebook account, so what are they to do?

One of the positions often taken by people who don’t care about personal privacy online is to shrug their shoulders and say “I’ve got nothing to hide. I don’t care what people see”. To my mind, that’s an attitude taken by people who haven’t thought it through. We all present different facets of ourselves to different people in different situations. Imagine a typical eighteen year old enjoying herself on an evening out with friends. She is doing nothing wrong, nothing to be ashamed of, nothing to “get found out about”. Nevertheless, would that eighteen year old feel comfortable if she thought that an authority figure such as a parent, teacher, employer, or policeman, could listen in to every word of every conversation, record it, replay it, analyse it? In effect, that’s the kind of thing that’s happening if people are being bullied or forced into opening their Facebook accounts to authority figures with no right to be there.

Most of my computer support clients are more likely to be the parents of such bullying victims rather than the victims themselves, but maybe that makes this topic more – rather than less – relevant to you.

Update 23/05/2018:

The original link was to http://redtape.msnbc.msn.com/_news/2012/03/06/10585353-govt-agencies-colleges-demand-applicants-facebook-passwords, but the web page isn’t there any more.

And remember what they say – just because you are paranoid doesn’t mean they’re not out to get you!

Last month I was appalled – but not particularly surprised – to learn that your credit rating in the future could be affected by who you hang around with on Facebook. A company called Lenddo claims on its website to be “… the world’s first credit scoring service that uses your online social network to assess credit.” Admittedly, they do say on their website that they’re aiming themselves at “professionals in emerging markets” rather than UK citizens, but that doesn’t affect the principle and it doesn’t stop this from being – potentially – the thin end of a very nasty wedge.

So, if you are “friends” (according to Facebook’s meaning of that word) with people who have a poor credit rating then your own credit rating could be affected. I know I’m in danger of showing my age here, but I was brought up to believe that finances are a personal and a private matter. It’s none of my business what someone else’s credit rating is – whether they are friends, family, colleagues or anyone else (unless, of course, I enter a financial relationship with them). Lenddo, however, are saying EXACTLY the opposite. They are saying that if I apply to them for a loan then YOUR credit rating becomes part of MY financial business if you and I are Facebook friends. If you are a computer client of mine then our financial relationship is based on trust and I wouldn’t have it any other way. But if I’m daft enough to take Lenddo and Facebook seriously I might now be interested in your financial status because it could reflect on my own – rather than on whether I think you will pay my bill for the computer service I provide!

It gets worse. Lenddo could be finding out all kinds of other information from a Facebook account – such as sexual orientation, religion, ethnicity – that a lending institution would not normally know. In fact, it would probably be against industry codes of practice and even discrimination legislation for such factors to be included when considering providing credit. How can you be sure that any CRA (Credit Rating Agency) has only considered those factors that are legal and ethical if they’ve trawled through your Facebook account?

But it gets even worse than this. Lenddo explicitly states that it “MAINTAINS THE RIGHT TO NOTIFY YOUR FRIENDS, FAMILY AND COMMUNITY if the borrower fails to repay”. This is a quote from their website, including the capital letters. So, picture the situation. You’re having a hard time, going through a bad patch, lost your job, lacking confidence, scared about how you are going to repay your debts and then, wham, you find out that one of your creditors is telling all your Facebook friends that you’re welching on your financial obligations. That’s really going to help. Lends a new meaning to the idea of “social network”, doesn’t it?

When news of Lenddo hit the fan last month I decided not to blog about it because I know I already bang on a bit about the downside of social networks. I’ve only changed my mind this week because I’m pleased to be able to balance this development with some much better news about privacy and the internet:

A woman (identified only as AMP) has obtained an injunction to “prevent transmission, storage and indexing of any part or parts of certain photographic images which are claimed to belong to the Claimant”. AMP had lost a mobile phone containing photographs intended only for the sight of herself and her partner. These appeared on the internet, together with enough information to identify the subject of the photographs. In the past, courts have been very reluctant to intervene when content has reached the internet. It is very, very difficult to stop the spread of data once it has been published online. In most cases, it is thought, any injunction would be unenforceable and, therefore, would do no more than bring the law into disrepute (remember all the fuss about “super injunctions” being subverted by Twitterers/Tweeters/Twits last year?). In this case, however, the judge ruled that the spread of the photos had not become uncontrollable as anyone looking for the material would (a) have to know that the material exists and is, therefore, worth searching for and (b) would need to know the identity of the subject in order to do the searching and (c) could, in principle, be traced on account of the way the files are copied and spread. The injunction was, therefore, granted. Aah, that’s better. Click here for the full Judgement.

We may be fighting a losing battle with online privacy. As mentioned in last week’s blog on Internet Privacy, companies like Google, Facebook, and Amazon hoover up every crumb of information they can glean about us and use it to target us with ads and content that they think will appeal to us. As far as I know there isn’t any perfect strategy for maintaining online privacy, but there are lots of small things we can do that will certainly help.

I’m not concerned here with security on the internet as it relates to the safety of children, or trying to hide our identity so that we may be completely untraceable. I’m just trying to keep down the amount of unnecessary information we give to the likes of Google. These tips are equally valid in a home computer or business computer environment.

So, here are some tips. They’re not listed in any particular order. Some are easier to put into practice than others:

Create another email account that you never intend to use for “real” email. Don’t include your own real name in the account name and don’t give real data when completing the compulsory items of information in the account profile. Quote this email address on any websites that demand you supply one and where you don’t expect a normal, ongoing, email exchange (since you don’t want to have to keep checking this account for incoming emails). Having an “anonymous” account like this also helps in keeping spam out of your main email account.

If a website demands that you give personal information that is not connected with a financial transaction nor has other legal implications, then LIE. I will NOT give my real address or date of birth online when there is no legitimate NEED for it (and there are few legitimate needs except the protection of the other party in financial transactions). If I am entering a compulsory date of birth on a website where this is “relevant” (but not essential for financial reasons) then I enter a date that is close to my own (so that it makes no difference for the legitimate purposes of the website) but from which I cannot be traced.

When filling in online forms, exercise judgement in completing any item that is not marked as compulsory (usually indicated by an asterisk or written in red). If they don’t require you to give a date of birth then why would you? If an item is compulsory but impertinent then LIE.

Don’t click on any “like” buttons in Facebook or anything similar (eg in Google).

Don’t take part in online quizzes or polls.

Preferably, don’t use Facebook at all.

If you’re still keen to use Facebook, go through all the settings and mark everything private except what you explicitly wish to share.

If you use LinkedIn, do not click on ads without first changing your privacy settings to exclude monitoring your activity re ads.

Do not use Gmail or any of its branded versions (I think Virgin’s webmail is one of those). Google reads your emails and bombards you with “appropriate” Google ads (sponsored links). See last week’s blog on Internet Privacy.

If you must use Gmail, at least ensure that you sign out when you are not actually using the email as Google records everything you do in your browser if you are logged in as a Gmail user. They then use this info to target you with Google ads. I also sign out of other sites, such as Microsoft Live, as soon as I’ve finished with them.

Disable or remove browser add-ons that place “toolbars” and/or “search boxes” at the top of your browser. These often have tracking software in them. Incidentally, your browser performance will also be improved by doing this and your browser screen will be less cluttered.

Be very careful about “linking” any social networking site to any other (by giving any of them permission to access others). You might add data to one program, believing it to be private, forgetting that you have linked it to another program that sucks in what you thought was private data and spits it out somewhere more public.

Set your browser so that all cookies are deleted as soon as you close the browser (but this has implications – read on).

Set your browser to delete your browsing history as soon as you close your browser.

Set your browser to disallow third party cookies.

Turn off Amazon browsing history.

If you use Firefox or Chrome as your browser then you can install AdBlock Plus. This will stop most ads from appearing while you are browsing.

Do not be misled into thinking that “private browsing” will give you any protection. It does suppress evidence on your own computer but it does not prevent sites you visit from recording your activity. Nevertheless, it may help to turn it on.

More technical ways of throwing websites off your scent include using proxy servers and using a dynamic IP address.

If you want to make an online purchase from a website that you don’t completely trust, you can use a prepaid Mastercard. This will limit your financial exposure to the value on the card and will also keep all your personal information from the website.

As if all this wasn’t already a nightmare worthy of a Kafka novel, some of these measures nullify others. You can turn off Amazon’s “browsing history” but the instructions to turn these off are held in cookies so if you delete cookies (as recommended above) you’re back to square one. Doh!

Some of the tips above are easy to carry out and others less so. I haven’t attempted to give specific instructions (eg for different versions of different browsers) as it would just take too long.

If you’d like some help in tightening up your online privacy, contact me to arrange either a computer support visit or some online remote support.